fix: install --frozen-lockfile --lockfile-only should work (#6915)

close #6913

.changeset/perfect-forks-beg.md

@@ -0,0 +1,6 @@
+---
+"@pnpm/core": patch
+"pnpm": patch
+---
+
+`pnpm install --frozen-lockfile --lockfile-only` should fail if the lockfile is not up to date with the `package.json` files [#6913](https://github.com/pnpm/pnpm/issues/6913).

pkg-manager/core/src/install/index.ts

@@ -373,7 +373,7 @@ export async function mutateModules (
       !opts.dedupe &&
       installsOnly &&
       (
-        frozenLockfile && !opts.lockfileOnly ||
+        frozenLockfile ||
         opts.ignorePackageManifest ||
         !needsFullResolution &&
         opts.preferFrozenLockfile &&

pkg-manager/core/test/install/lockfileOnly.ts

@@ -75,22 +75,17 @@ test('warn when installing with lockfileOnly = true and node_modules exists', as
   expect(currentLockfile.packages['/rimraf@2.5.1']).toBeFalsy()
 })
 
-// For @pnpm/core it might make sense to throw an exception in this case but for now it is better than having
-// the https://github.com/pnpm/pnpm/issues/4951 issue.
-test('always update the lockfile when lockfileOnly is used, even if frozenLockfile is used', async () => {
-  const project = prepareEmpty()
+test('do not update the lockfile when lockfileOnly and frozenLockfile are both used', async () => {
+  prepareEmpty()
   await addDependenciesToPackage({}, ['is-positive@1.0.0'], await testDefaults({
     lockfileOnly: true,
   }))
-  await install({
+  await expect(install({
     dependencies: {
       'is-positive': '2.0.0',
     },
   }, await testDefaults({
     lockfileOnly: true,
     frozenLockfile: true,
-  }))
-
-  const lockfile = await project.readLockfile()
-  expect(lockfile.dependencies['is-positive'].specifier).toBe('2.0.0')
+  }))).rejects.toThrow(/is not up to date/)
 })